Security

I have already deployed over 802.1 x , I now to deploy the guest system,But I have what time it is not clear;

1.Controller configure authentication type is L3 authentication，

2.I  want to Guest SSID to connect visitors will redirect to a page,What kind of authentication type CCPM need to use？

How to configure authorization page？

Thanks！

[Mod note: adjusted subject text]

You should use a "service template" to configure the guest network on CPPM.  That will simplify creating the services.

Please read the attached doc, it will guide through the setup.

Attachment(s)

Aruba Wireless and ClearPass 6 Integration Guide v1.3 (3)...3 (3)   4.25 MB 1 version

Thanks:

I should use a "service template-----Guest Access" ?

2.But I will lead to the page before configuration is redirected to the following page;How to deal with it, or how to temporarily turn off this feature?

---

@Allen@Security wrote:

Thanks:

I should use a "service template-----Guest Access" ?

2.But I will lead to the page before configuration is redirected to the following page;How to deal with it, or how to temporarily turn off this feature?

---

1.  Yes

2.  The page should be:  https://<ip address of cppm>/guest/guest.php

Thank you very much;

But I see the document set the redirect url inside there is no https:// (CCPM - IP)/guest

The configure of the guide is like this: For example,https://x.x.x.x/web_auth.php；

At the bottom of the screenshots；

Yes, if you change the default, that is what it should be, what is in the screenshot.  You should be able to click on Test on the Weblogin, to see what URL it should be.

The picture as you say,But after the last connection Guest SSID, will be redirected to the OnGuard Portal, as shown in figure;

I'll be greatly appreciatived for your answer；

Is that what happens when you go to https://<ip address>/guest/cisco_web_auth.php?

After I connect Guest SSID，Expectations are redirected to a page (https://x.x.x.x/guest/cisco_web_auth.php)

But,But it is redirected to another page（https://x.x.x.x/guest/cisco_web_auth/........php）,Has increased a lot uri ;

Do you have the proper URL in the WEB Auth portion of the Cisco controller?  If you do, you should open a TAC case to determine what is creating the extra characters..

Ok, I again under test,Thanks!

Hi,You also need to please teach you;

Today I tested the Guest system，Visitors since the registration is successful, and can make a successful authentication；

I used a “service-template（Guest Access）”,but Visitors can't get authorization；Although showing authorization, but the result of the test is not;

How do I go about configuration, to be able to get the corresponding authorization?

I am unsure of your question.  What are you asking help for and what is the issue?

I do visitors according to service template system;

According to the wizard done, I use the wireless Guest SSID test;

The test can be from the date of successful registration and certification;

But I need to do an authorization to make the number of registered users cannot access the internal network, So I made an Enforcement polices,When I reconnect the SSID, authentication passed, but didn't get the expected authorization (VLAN20 authorization)；

Note: The Wireless controller did not show the authorization,But show on CPPM vlan20 authorization;

What should I do??

You need to post a screen shot of your enforcement Profile. 

If this is a cisco WLC you need to make sure you have airspace dictionary enabled and you have the proper enforcement profile.

for example this is a cisco airspace named acl.....